Imagine this: the finance director of one of your fund’s portfolio companies, a well-known payment services provider, calls on Monday evening. The company has discovered ransomware barring it from accessing the majority of its IT systems and the cyber-threat actors are demanding a ransom before they will hand over the decryption key. The ransom will double each day it remains unpaid, and if the company does not pay, the hackers will publish all of the personal and sensitive business information they have captured. Within two days the ransom will exceed the company’s cyber insurance coverage and it will need a cash injection from the fund to satisfy the ransom demand. What do you do? This first article in a two-part guest series by Proskauer partners Ryan P. Blaney, Margaret A. Dale, Dorothy Murray, Todd J. Ohlms and Jonathan M. Weiss tackles that question by considering immediate incident response steps and analyzing whether to pay a ransom from U.S., U.K. and E.U. perspectives. The second article will detail the notification obligations and other consequences of a ransomware attack. See “Six Ways Fund Managers Can Prepare for the SEC’s Focus on Cybersecurity and Resiliency” (May 26, 2020); and “Strategies to Mitigate Evolving Cybersecurity Risks Introduced by a Fully Remote Workforce” (May 19, 2020).